UpdateOrchestrator Sleep Mod

By Dag J, on May 9th, 2018

UpdateOrchestrator is a part of Windows 10 and can by default wake up a computer from sleep to do update work, primarily from 2 specific tasks
in the schedule planner. These tasks are protected by the user SYSTEM against making changes, but this is easily bypassed with NSudo or
PsExec.

Check active wake timers on your system:

C:\> powercfg /waketimers

Only timers that are allowed to wake up your computer (under the task conditions) are generally a problem. But we can't change that if the SYSTEM is the task owner.

Start CMD as SYSTEM:

C:\PSTools> psexec -i -s cmd

Then from the new CMD window start the task scheduler:

C:\Windows\system32> taskschd.msc

Now you are running the scheduler as NT AUTHORITY\SYSTEM, and can effectively change the "reboot" and "schedule retry" tasks
under "Microsoft > Windows > UpdateOrchestrator" Check all tasks if they are allowed to activate your computer.
Turn all that off, and also deactivate the reboot task if it's active.

When that's done, you can navigate to the task files within:C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator

And set permissions for all users to only read + read & execute, to prevent Windows Update from changing it back.